Main Vulnerability Database SB2020010621

SB2020010621 - Information disclosure in Debian Linux

Published: January 6, 2020 Updated: August 8, 2020

Security Bulletin ID SB2020010621

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2019-18179)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions.

Remediation

Install update from vendor's website.

References

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00038.html
https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
https://lists.debian.org/debian-lts-announce/2020/01/msg00000.html